> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: Saturday, 03 December, 2011 20:44
> > 2. Is there any way to decrypt Application data (HTTP
> > data) on wireshark itself ?
> >
> If using kRSA and you have/get the server's private key, yes.
> Edit / Preferences / Protocols / SSL and supply the keyfile.
>
> If using ephemeral or anonymous DH or ECDH, it is not generally
> possible to reconstruct keys from stored and transmitted data,
> called Perfect Forward Secrecy, although if either end uses
> OpenSSL with _tmp_[ec]dh_ keys that are known or logged, you could;
> it appears wireshark doesn't.

On rereading, I realize this is wrong. _tmp_[ec]dh_ only sets
the _parameters_; the actual key (X,Y) is nonce. You'd have to
extract it from the SSL* and save it explicitly, and then have
code to use it (which wireshark doesn't seem to).

> Similarly for temporary (export)
> RSA, if the server uses _tmp_rsa_ that is known or logged;
> I don't know if wireshark does that and didn't bother testing
> because RSA-export is stupid and obsolete.
>

On the other hand, I left out: if either end caches the SSL session
in an accessible form (which OpenSSL can) that includes the master,
which with the (visible) handshake is enough to derive the working keys,
and decrypt the data.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
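
The last point in the message above (a cached master secret plus the visible handshake gives the working keys), as an added example that is not part of the original message or of OpenSSL or Wireshark. It assumes the TLS 1.2 PRF with SHA-256 from RFC 5246 (the thread does not name a protocol version, and TLS 1.0/1.1 use a different MD5/SHA-1 PRF); the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5, with HMAC-SHA256."""
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def derive_working_keys(master, client_random, server_random,
                        mac_len, key_len, iv_len):
    """Split the RFC 5246 section 6.3 key block into the six working keys."""
    if len(master) != 48:
        raise ValueError("master secret must be 48 bytes")
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("hello randoms must be 32 bytes each")
    # Note the order: server_random comes first in key expansion.
    block = tls12_prf(master, b"key expansion",
                      server_random + client_random,
                      2 * (mac_len + key_len + iv_len))
    layout = [("client_mac", mac_len), ("server_mac", mac_len),
              ("client_key", key_len), ("server_key", key_len),
              ("client_iv", iv_len), ("server_iv", iv_len)]
    keys, off = {}, 0
    for name, n in layout:
        keys[name] = block[off:off + n]
        off += n
    return keys

# Constructed sample values, not taken from any real capture or cache.
CACHED_MASTER = bytes(range(48))      # what a session cache entry would hold
CLIENT_RANDOM = b"\x01" * 32          # visible in ClientHello
SERVER_RANDOM = b"\x02" * 32          # visible in ServerHello

if __name__ == "__main__":
    # AES-128-CBC with HMAC-SHA1 under TLS 1.2: 20-byte MAC keys, 16-byte
    # cipher keys, no IV in the key block (CBC IVs are explicit per record).
    keys = derive_working_keys(CACHED_MASTER, CLIENT_RANDOM, SERVER_RANDOM, 20, 16, 0)
    for name, value in keys.items():
        print(f"{name:10s} {value.hex()}")
```

Nothing in the derivation depends on the key exchange, so a stored master secret (a session cache entry, a serialized session) needs the same protection as the traffic it covers, ephemeral DH or not.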